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DOCUMENT WITH USER AUTHENTICATION j 
FIELD OF THE INVENTION 

5 

This invention relates to a document that comprises beneficiary authentication data. A 
document is any item which carries information. A beneficiary is a person or entity that 
benefits in some manner because of the document. An example would be a document that 
is a cheque (i.e. a bill of exchange drawn on a bank by a holder of an account at that bank) 
10 made payable to a beneficiary who is the payee. The cheque includes supplemental payee 
authentication data. 

DESCRIPTION OF THE PRIOR ART 

15 Cheque fraud is an increasing threat to the operation of the banking systems in many 
countries. 

A large amount of fraud takes place by falsification of the payee name and the amount on 
cheques. This is frequently done by means of "cheque washing", carried out by using a 

20 solvent to wash off the original printed characters, enabling the fraudster to replace them 
with new printed characters (e.g. his own name). An implementation of this invention is 
concerned with cheques that are fraudulently acquired and cashed at remote outlets such as 
cheque cashing agencies. The challenge is to authenticate the person who presents the 
cheque (i.e. confirm the identify of in order to verify entitlement: is the payee named on the 

25 original cheque the same person who is representing himself as the payee at the cheque 
cashing agency?). According to one authority, "Experience in the banking industry finds that 
aggressively checking identification would reduce bank fraud losses in large banks by 40%". 



30 



Currently, identity is frequently established by the use of drivers' licences, social security 
cards or other documentary means. But if person X has had a cheque made payable to him 
stolen, then it is possible that fraudulent person Y will 'wash' off name X printed on the 



cheque and replace it with his own. (Fraudulent payee Y can then cash the cheque, using his 
valid drivers license as identification. Fraudulent person Y may not even bother to change 
the payee name, but instead rely on not being asked to authenticate himself or in having 
some false identity document in the name of person X. ) 

One conventional solution to this is to embed data into the document to make the 
document self-authenticating. For example, the payee name and amount can be encoded 
and that data printed onto the document in an encrypted form. When the cheque is 
presented for cashing, the encrypted data can be read out, decrypted and the payee name and 
amount compared with the payee name and amount printed on the cheque. Because a 
fraudulent person should not be able to encode and encrypt an altered name or amount onto 
the cheque, this procedure is reasonably robust. However, if the fraudster has stolen an 
identification document belonging to the true beneficiary, he can pose as him and will not 
need to alter the cheque at all. 

A parallel thread to the above problems is that the reliable establishment of identity has 
become a more prominent issue with the recent anxiety over terrorism and identity theft, 
and research into more effective means is ongoing. Biometric techniques have been refined, 
moving beyond the long established fingerprint recognition through to methods such as iris 
recognition (techniques being pursued by the Federal Aviation Authority (FAA) for 
instance.) Biometric identification parameters have been encoded onto identity cards in 
various forms including the use of machine readable chips. However, identity documents 
that offer sophisticated and secure methods of verifying the name etc. of a person would still 
offer no bar to the simple technique of cheque washing, since the fraudulent person can 
replace the true payee name with his own, and then present the cheque with payee name 
altered to his own name and support that with his own identification document. 
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SUMMARY OF THE INVENTION 

In a first aspect, there is a document which comprises the name of an ostensible beneficiary 
in human readable form, together with machine readable encoded data that can be decoded 
5 to generate a unique identifier, the unique identifier also being a function of unique data 
present in a human readable form on an identification item carried by a true beneficiary of 
the document-, but having no simple functional relationship to any data on the document, 
such that the ostensible beneficiary of a document can be authenticated by comparing the 
unique identifier obtained from the document with the unique data on the identification item 
10 provided by the ostensible beneficiary. 

Where the document is a cheque, then the invention enables the authentication (e.g. 
verification of entitlement) of (a) whether the person presenting the cheque is the person 
named on the original cheque and also (b) whether the original cheque itself has been 
1 5 tampered with by altering the payee name. Prior art systems that require the person to show 
an ID that matches with the name on the cheque address problem (a) but not (b). Prior art 
self-authentication systems address problem (b) but not (a). 

This implementation meets the need for a simple and low-cost solution to cheque tampering. 

20 For example, in one implementation, the security of cheque cashing operations at offline 
agencies is enhanced by printing an encoded form of personal identification onto cheques. 
The unique data could be a social security number, so that at a cheque cashing store or other 
kind of offline agency, the cashier would simply have to read off the encoded version of the 
social security number from the cheque using a simple and low cost reader with a simple 

25 decoding engine (requiring no on-line connection), have that number displayed at a cash till 
or computer and then compare that number with the number written on the identity card or 
social security card presented by the ostensible beneficiary, plus (ideally) make a visual 
comparison between the appearance of the ostensible beneficiary and his photograph on the 
social security card. This represents a simple, easy to use and reliable way of ensuring that 

30 cheques are cashed only to the true beneficiary as named on the original cheque. A fraudster 
cannot simply wash the payee name off and replace it with his own, since the unique 
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identifier obtained from the cheque itself (and associated with the true beneficiary) will not 
match (or otherwise correspond to) the unique data obtained from the fraudster's 
identification item. 



5 
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DETAILED DESCRIPTION 

The invention aims to capitalise on and leverage off the various forms of documentary 
identification items in use by encoding onto cheques data that relates to an identification 
5 item. This unique data may be a driver's licence number, the social security number (SSN) or 
some data referring to a biometric measurement that appears on or is derivable from the 
identification item. An identification item is any object that carries identification 
information. It may be a printed document (identification card, passport, social security 
card, drivers licence etc). Because the invention ties authentication of a beneficiary named 

10 in a document to an identification item associated with that beneficiary, it enables 
identification to be made at outlets which do not have online access to further information. 
Further, since many identification items contain secured images of the relevant person, this 
gives rise to greater confidence in their authenticity. Identification of a customer is achieved 
by a sales person simply scanning in the customer's cheque using normal bar code scanning 

15 point of sale equipment; that equipment then decodes and displays (on the cash register 
display) the identification data, which the sales person can then easily compare with the 
identification data printed on an identification item presented by the customer to the sales 
person. Ideally, the identification item should include an identity photograph so that the 
sales person can check that the identification item itself appears to be owned by the person 

20 presenting it. 

Increasingly, identification items are to be protected by the use of biometric data which is 
stored in some form of memory chip secured onto the item. Typically, an adequate 
representation of a fingerprint can be stored in roughly 200 bytes of data. The code added to 

25 a cheque might contain the whole of that data or might simply contain a digest of the data 
with sufficient bits to be unique to all intents and purposes. Thus a 20 bit digest would be 
provide more than a million possible configurations. The currently popular iris recognition 
identification provides another possible form of biometric representation and again the 
whole or part of the data may be added to a cheque. Where biometric data is used as the 

30 unique data, some form of automatic comparison between the biometric data encoded on 
the document with that obtained from the identification item is useful: this may involve 
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scanning the document to extract the encoded biometric data and also scanning the 
identification item to extract the biometric data encoded in it. The ultimate extension of this 
is for the identification item to be a part of the human body from which the biometric data 
is derived — e.g. an iris or fingerprint. Then, an automatic iris scanner or fingerprint reader at 
5 the cheque cashing outlet etc. can be used to extract the biometric data from the ostensible 
beneficiary. 

To encode the identification data, the cheque itself can be printed with a conventional 1 or 
2D barcode or more sophisticated symbologies, such as those available from Enseal Systems 
10 Limited and disclosed in PCT/GB02/00539. In this way, a fraudulent person presenting the 
cheque for payment cannot simply replace the true payee's name with his own and present 
his own drivers license etc. as proof of identity, since the encoded drivers license data on the 
cheque will not match that from the fraudulent payee's actual license. 

15 In effect, the cheque has encoded onto it a reference to a more complicated set of data 
relating to an individual, where the data itself would require a far larger payload than is 
feasible in a simple printing process on a limited area of a cheque. 

The printing of identification data is carried out in general at the same time as the printing of 
20 the customised variable data onto the cheque, using one of the range of symbologies which 
has been developed for ease of machine reading, in a manner that will not degrade the 
workflow unduly. Typically the cheque printing will be part of a large payroll operation in 
which the employer has data such as SSN's on a database so that the whole process is easily 
automated. However, the same system could be used for individual printing, as, for instance, 
25 a doctor printing a prescription intended for a particular person where the doctor is likely to 
have access to various forms of personal information about that person. 

The security of the information which is printed onto the cheque need not be compromised. 
If, for instance, an SSN were to be used, it could be transformed with a one way hash 
30 function before being encoded. It would be difficult for a fraudster to falsify a SSN to 
match a hashed value since hashes are essentially irreversible. At the receiving oudet the 
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software would calculate the same hash and compare the values without revealing what the 
values actually were. Hence, the person presenting a cheque for encashment would type in 
his SSN on a keypad at the point of sale and this would be hashed to generate the value 
which is compared with the value obtained when scanning the cheque. 

5 

Equally the unique data (e.g. SSN) might be combined with a date, account number or other 
variable to ensure that it did not always appear in the same format on the document. A 
further enhancement of security could be achieved by using the unique data as a key to some 
form of encryption of the unique data. 

10 

The use of printing by instruments such as ordinary lasers is to be compared with systems 
such as those used with ATMs, where data is added to a cheque card in the form of the 
modification of a magnetic stripe. Another important distinction with the ATM method is 
that the verification of identity at ATMs is based upon a PIN number which is a function of 
15 the account number encoded onto the cheque card. The present invention concerns data 
added onto a cheque which has no simple functional relationship to any data contained on 
the cheque. There will be no means of deducing the encoded identifier from the payee name 
or account number without actual access to the item (which will be some form of a 
document, as that term is defined in this specification) being used for identification. 

20 

One extension would be that a code word (e.g. dogs name, favourite drink etc) should be 
scrambled using a PIN and added to the ID card in machine readable form. At a point where 
identification takes place the person concerned types in the PIN and the code word and the 
software determines from a scan of the ID card whether there is a match. 

25 

The point is that a fraudster would have try out all possible PINS and all possible code 
words in order to defeat the system. In effect it is using a very long PIN number, where the 
code word would be an object that is easy to memorise. The advantage is that there would 
be no real way for a fraudster to know when the data was correcdy unscrambled. In fact, 
30 the same system could be used on the cheque using a code word, scrambled by a PIN, which 
could be a driver's licence number. 
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Another use for the present invention is to authenticate tickets, stamps or other indicia 
issued by a third party to an end-user and printed by that end-user. Then, the end-user 
/customer could pass to the vendor their unique data (e.g. passport number etc.) which 
5 could be hashed and printed on the ticket etc. When the ticket etc. was due to be used the 
passport etc. would have to be produced. 

A further use is to authenticate the user of a credit /debit/ charge card. These cards could 
include, as the unique identifier, a hashed, encoded version of unique data taken from an 
10 identification item (e.g. a photo ID card). Then, use of a credit etc, card at a retail oudet etc. 
would require the end-user to show the identification item as well as supply the credit card. 
The salesperson would swipe/read off data from the credit card in the normal way to pay for 
the goods, but would also read off the unique identifier and compare that with the unique 
data on the photo ID card. 
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